
Bug 1159373

Summary: IDM Subsystem doesn't authenticate users
Product: [JBoss] JBoss Enterprise Application Platform 6
Reporter: Jan Tymel <jtymel>
Component: PicketLink
Assignee: Pedro Igor <psilva>
Status: CLOSED NOTABUG
QA Contact: Jan Tymel <jtymel>
Severity: high
Priority: unspecified
Version: 6.4.0
CC: anmiller, hmlnarik, psilva, pskopek
Hardware: Unspecified
OS: Unspecified
Doc Type: Bug Fix
Last Closed: 2014-11-05 09:46:31 UTC
Type: Bug
Attachments:
- Examples, for details see description (flags: none)
- Working WAR. (flags: none)

Description Jan Tymel 2014-10-31 17:24:27 UTC
Created attachment 952559 [details]
Examples, for details see description

Description of problem:
IDM Subsystem authentication by AuthenticationFilter (org.picketlink.authentication.web.AuthenticationFilter) doesn't seem to work correctly.
A programmatically created user with JPA storage can authenticate himself/herself using basic type authentication (see attached example). However, a user created using IDM Subsystem JPA storage is not able to log in (see attached, the project is set up according to BZ 1158504).
Also, due to the user's inability to log in correctly, the Identity bean is not invoked.
I consider this behaviour to be a bug.

Both cases were tested with EAP 6.4.0.DR7.

How reproducible:
Always

Steps to Reproduce (Subsystem):
1. Extract subsystem.zip
2. Use attached standalone.xml
3. Extract workingMyModule.zip file and add the content to JBOSS_HOME/modules
4. Deploy subsystem.war file
5. Access this URL http://localhost:8080/subsystem/servlet and try to fill login 'john' and password 'pass'

Steps to Reproduce (Programmatic):
1. Extract programmatic.zip
2. Deploy programmatic.war
3. Access this URL http://localhost:8080/programmatic/servlet with login 'john' and password 'pass'

Actual results:
User cannot log in

Expected results:
User is able to log in

Additional info:

programmatic.zip contains:
- programmatic.war = web archive using default PartitionManager
- picketlink-jpa.zip = sources using default PartitionManager

subsystem.zip contains:
- subsystem.war = web archive using custom PartitionManager
- standalone.xml = standalone configuration
- workingMyModule.zip = EAP module (contains entity classes)
- subsystem-src.zip = source files using custom PartitionManager

Note:
If you comment out the filter and its mapping in WEB-INF/web.xml, you can access the servlet and see that the user is stored in the database.

Comment 1 Pedro Igor 2014-10-31 19:26:07 UTC
Hi Jan,

   Your example is missing some bits. Let me try to give you some background first.

   When you are consuming a PartitionManager managed by the subsystem you must tell your application to use it instead of the default that is created by PicketLink if you don't provide any.

   To specify which PartitionManager to use you need to provide a @Producer annotated with the @PicketLink qualifier as follows:

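   import javax.annotation.Resource;
   import javax.enterprise.inject.Produces;
   import org.picketlink.annotations.PicketLink;
   import org.picketlink.idm.PartitionManager;

   public class IdentityManagementConfiguration {
       // PartitionManager managed by the subsystem, looked up in JNDI and
       // produced with the @PicketLink qualifier for the application.
       @Resource(mappedName = "picketlink/JpaBasedPartitionManager")
       @Produces
       @PicketLink
       private PartitionManager partitionManager;
   }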

   Basically, the code above is injecting the PM managed by the subsystem (obtained from JNDI) and producing it to your application.

   This is not related to the PL subsystem, but to how PicketLink works. For more details, please take a look at this documentation [1].

   Also, I had to add the following property to your app's META-INF/persistence.xml:

       <property name="hibernate.dialect" value="org.hibernate.dialect.H2Dialect"/>

   Please let me know if this is enough to get your tests working. You can also take a look at my attachment with all the changes I made to get it working.

Thanks.
       
[1] http://docs.jboss.org/picketlink/2/latest/reference/html-single/#Providing_a_Custom_Configuration
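
An added example, not part of the comment above or of the attached projects: a small CDI bean that reports which identity store the application is really authenticating against, by looking the user up and validating the password through the PartitionManager PicketLink hands to the application. The class name IdentityStoreCheck and its check method are hypothetical, and the sketch assumes the default realm exists in the store.

```java
import javax.enterprise.context.ApplicationScoped;
import javax.inject.Inject;

import org.picketlink.idm.IdentityManager;
import org.picketlink.idm.PartitionManager;
import org.picketlink.idm.credential.Password;
import org.picketlink.idm.credential.UsernamePasswordCredentials;
import org.picketlink.idm.model.basic.BasicModel;
import org.picketlink.idm.model.basic.User;

// Hypothetical diagnostic bean (assumption, not from the bug report).
@ApplicationScoped
public class IdentityStoreCheck {

    // The PartitionManager the application actually uses: the one produced
    // with @PicketLink if such a producer exists, otherwise the default
    // PartitionManager that PicketLink creates on its own.
    @Inject
    private PartitionManager partitionManager;

    /**
     * Returns "USER_NOT_FOUND" when the account is absent from the store in
     * use, otherwise the credential status name (for example VALID or INVALID).
     */
    public String check(String loginName, String password) {
        // Assumption: the default realm exists in the configured store.
        IdentityManager identityManager = partitionManager.createIdentityManager();

        // Distinguish "wrong store" from "wrong password" before validating.
        User user = BasicModel.getUser(identityManager, loginName);
        if (user == null) {
            return "USER_NOT_FOUND";
        }

        UsernamePasswordCredentials credentials =
                new UsernamePasswordCredentials(loginName, new Password(password));
        identityManager.validateCredentials(credentials);
        return credentials.getStatus().name();
    }
}
```

If the application is still using PicketLink's default PartitionManager, a user that exists only in the subsystem's JPA store comes back as USER_NOT_FOUND, which separates a store-wiring problem from a bad password.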

Comment 2 Pedro Igor 2014-10-31 19:26:50 UTC
Created attachment 952574 [details]
Working WAR.

Comment 3 JBoss JIRA Server 2014-11-05 07:05:44 UTC
Rostislav Svoboda <rsvoboda> updated the status of jira EAP6-182 to Resolved

Comment 4 Jan Tymel 2014-11-05 09:46:31 UTC
Hi Pedro,
thanks for your hints and background, it is working as expected now.
However, the case using a custom PartitionManager should be documented explicitly (apart from the programmatic produce of PartitionManager).

Closing as NOTABUG